Scanning encrypted files (EFS/NTFS)

When running a scheduled NOD32 scan, it skips encrypted files. I did a test. Put two executables on my desktop, encrypted one of them, then set up a scheduled scan.

The log shows the encrypted file was not scanned ([4] File cannot be open. It is being exclusively used by another application or operating system).

If I initiate the scan manually, then it scans the file fine.

Is there some way of changing the user profile that scheduled scans run under?

(I'm running Windows 2000, under a created user account (not administrator) with admin privileges. The files are encrypted by this account)

 

Steve_Da_B: Could you not use the Windows Task Scheduler to do this (i.e., define a task with a suitable NOD32 command line)? It allows you to set the user account under which the task runs.

 

No doubt I could.

But I would consider that a clumsy work-around. NOD32 should let you configure the account that scheduled tasks run under.

I haven't had this problem with NAV or Kaspsersky.

 

That may well be, but I was trying to offer you a solution. Ah well, doubt if I will again.

 

Steve:
Your suggestion is very much appreciated!

And I will probably end up using your solution unless I hear anything better from people closer to Eset.

My criticism is of the software, not of your response.

Sorry if you took offence at my posting.

 

No problem, Steve. Point taken

 

When you schedule a scan task, you can select the profile to be used for scanning:

 

That's not a user profile, it's a NOD32 profile.

The problem is that whatever Windows 2000 user profile the scheduled scan runs under, it cannot read my encrypted files -- which I can read when I am logged in.

Therefore it can't scan them.

I don't have this problem with manual scans -- it scans encrypted files fine.

 

This is normal.

If you start NOD32 scanner from icon or from NODcc then it run from your account. But planed scan run from system account (same as NOD32krn.exe) - and system account can't open files encrypted in your account.

 

This is exactly ewhat Steve_Da_B's issue is! It's only 'normal' (but wrong) because NOD32 fails to offer a way to specify the user account for scheduled runs. In fact, by default it should really run scheduled scans under the logged-on user, with the optional facility to specify a different user account. Have a look at the Task Manager to see how it *should* be done.

 

Absolutely.

The "normal" behaviour of NOD32 means effectively I can't run scheduled scans -- whereas I can do this with other AV progs, such as KAV and Norton.

I think it is entirely reasonable to (a) have your main account as not the administrator account and (b) have some of your files encrypted, and expect your AV program to be able to deal with this.

I can of course run scheduled scans from the windows scheduler, but this means the application window popping up when I am working -- and for me the advantage of NOD32 is low footprint/fast/little impact on system performance, which means it would be ideal for running scheduled scans from NOD32 as I would hardly notice the impact.

 

So now I am running my scans from the windows task scheduler to get around this problem.

Would be interested to know if anyone else considers this an issue -- having NOD's scheduled scanner being able to scan files encrypted under my account would be good. Being able to configure what scheduled jobs run from which accounts would be even better.

 

I agree. NOD32's shortcomings have always been the "niceties". It is a rather crude av in terms of its abilities to do things like this. Anyone who comes to NOD from other major av will be surprised and frustrated perhaps or unhappy that such a highly rated av could be so crude in its GUI and abilities. Version two is a big step forward from version one but Eset still has a long way to go to catch up with the major av in this regard. NOD makes things like running scheduled scans (which are so simple with NAV for instance) complicated and in the case of which you are speaking not doable. I gave up on trying to run scheduled scans with NOD32 along with a whole bunch of other important things that NOD can't do or does poorly or forces you to implement in a complicated manner ....all these things are done easily and as a normal part of the av with other vendors.

 

And the shame is, sorting out these "niceties" (though being able to run a scheduled scan that scans all my files is more of an "essentiality" than a "nicety") should be easy.

The hard work is done, NOD32 scans my system an order of magnitude faster than other AVs, it has the reputation in terms of picking up viruses... (and despite my, and others, criticisms of the UI I way prefer it to Kaspsersky's UI).

 

You don't need to use the Windows Scheduler to run the scanner - you can schedule a task to run external application nod32.exe in the NOD32's Scheduler/Planner.

 

I can indeed.

And do you know what happens? It doesn't scan my encrypted files because of the (non-configurable) user account that NOD runs its scheduled jobs under.

Which brings me back to my original point really.

At least when I use the Windows task scheduler I can decide what account the task runs under, so I can use my account and scan my files.